Category: Vulnerability

Substance 3D Stager vulnerabilities

Patch Now! Adobe Stager Flaws Leak Memory, Run Rogue Code

Adobe has released a crucial security update that rectifies six vulnerabilities in its Substance 3D Stager product. If exploited successfully, these vulnerabilities could lead to memory leaks and arbitrary code execution. Substance 3D Stager...

Apache OFBiz vulnerabilities

SonicWall Detects Thousands of OFBiz Zero-Day Attempts

SonicWall has recorded thousands of daily attempts to exploit zero-day vulnerabilities in Apache OFBiz over nearly two weeks. The flaw was first publicized on December 26, leading to a significant increase in exploitation attempts....

BMW redirect vulnerability

Hackers Bypass BMW Defenses Through Subdomain Vulnerability

Cybernews specialists identified two BMW subdomains vulnerable to an exploit allowing malicious actors to redirect users to harmful websites. This vulnerability, named SAP Redirect, affected SAP NetWeaver Application Server Java web servers, enabling the...

CVE-2023-7102

CVE-2023-7102 Zero-Day: Barracuda ESG Struck Again, Update Urgently

A new zero-day vulnerability in Barracuda Networks’ Email Security Gateway (ESG) has been disclosed. The vulnerability, identified as CVE-2023-7102, stems from the open-source third-party library, Spreadsheet::ParseExcel, used in ESG’s malware protection features. This issue...

RetSpill exploitation

RetSpill: A Linux kernel exploitation technique

In the complex domain of cybersecurity, the emergence of RetSpill marks a significant shift in the landscape of Linux kernel exploitation. This ingenious technique exploits the kernel’s design to escalate privileges, bypassing multiple layers...

SMTP Smuggling attack

SMTP Smuggling: The New Threat to Email Security

In the ever-evolving landscape of cybersecurity, a new attack technique named “SMTP Smuggling” has emerged, posing a significant threat to the integrity of email communications. Discovered by Timo Longin, in collaboration with SEC Consult,...